Dis-assembly help



MaxHeadRoom
01-01-2008, 11:38 AM
Can anyone offer any insight to this problem?
I went through the tutorials mentioned in another thread, and am attempting to apply the same principle of ignoring the password required.
Here is the dilemma.
Using W32Dasm I locate the string and I see the indication:
*Referenced by a (U)nconditional or (C)onditional jump at address:
|:0040*4C*

I go up to 0040*4C* and see this instruction.
:0040*4C* 0F840A0*0000 je 0040*5D*

Now what I am expecting is to see the Hex representation of 'je' (=74h)
But the code string appears to start with 0Fh.

Other je command strings in the program appear as starting with 74h.

Can anyone shed some light on this?
M.

coz
01-01-2008, 03:26 PM
It's a near jump instead of a short. Short jumps can only jump -128 to +127 from the current EIP value. Yours jumps 272 bytes so the op codes are different.

For more info check out this page...
http://faydoc.tripod.com/cpu/jmp.htm

MaxHeadRoom
01-01-2008, 04:59 PM
Thanks, I discovered it also by searching about 20min ago.
I have tried uploading the one I have, but Divshare gave me problems so I have to sort that out first.
I looked at the link, but it does not appear to give the code for the je & jne far jump.
I am trying OllyDbg which seems like an excellent program, but some of the files it says 'Does not appear to be an exe file' and does not load them, in spite of the fact I can run them as executables.
Can't win :rolleyes:
Getting closer.
Thanks
M.
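
Added example, not part of the thread: a small decoder for the two conditional-jump encodings discussed above, the short form (`7x` plus an 8-bit displacement, e.g. `74` for je and `75` for jne) and the near form (`0F 8x` plus a 32-bit displacement, e.g. `0F 84` for je and `0F 85` for jne). It assumes 32-bit code; the function names, addresses and sample bytes are constructed for illustration and are not taken from the poster's binary.

```python
import struct

# Condition mnemonics indexed by the low nibble of the Jcc opcode byte.
CONDITIONS = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
              "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]


def decode_jcc(code: bytes, address: int):
    """Decode one conditional jump located at `address` (32-bit mode assumed).

    Returns (mnemonic, form, length, target), or None if not a Jcc.
    """
    if len(code) >= 2 and 0x70 <= code[0] <= 0x7F:
        # Short form: opcode 70..7F followed by a signed 8-bit displacement.
        (rel,) = struct.unpack_from("<b", code, 1)
        cond, form, length = code[0] & 0x0F, "short", 2
    elif len(code) >= 6 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        # Near form: 0F 80..8F followed by a signed 32-bit little-endian displacement.
        (rel,) = struct.unpack_from("<i", code, 2)
        cond, form, length = code[1] & 0x0F, "near", 6
    else:
        return None
    # The displacement is relative to the address of the NEXT instruction.
    target = (address + length + rel) & 0xFFFFFFFF
    return CONDITIONS[cond], form, length, target


def required_form(source: int, target: int) -> str:
    """Report which encoding can reach `target` from a jump at `source`."""
    rel8 = target - (source + 2)  # displacement if the 2-byte short form is used
    return "short" if -128 <= rel8 <= 127 else "near"


if __name__ == "__main__":
    # Constructed samples: (bytes, address of the instruction).
    samples = [
        (bytes.fromhex("0f840a010000"), 0x00401000),  # near je, disp 0x10A
        (bytes.fromhex("7410"), 0x00401000),          # short je, disp +0x10
        (bytes.fromhex("75fe"), 0x00401000),          # short jne, disp -2
    ]
    for raw, addr in samples:
        name, form, length, target = decode_jcc(raw, addr)
        print(f"{addr:08X}  {raw.hex().upper():<12} {name} {target:08X}  ({form}, {length} bytes)")
```

In the first sample the target lies 6 + 0x10A = 272 bytes past the start of the instruction, which is out of reach for an 8-bit displacement, so only the 6-byte near form can encode it.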